Introducing Diligence Fuzzing

Photo by Ian Battaglia on Unsplash

The ConsenSys Diligence team has built a lot of tools with use cases ranging from automatic vulnerability discovery (check out MythX) to network-based vulnerability scanning (TeaTime), to code understanding tools (Surya, VSCode visual developer).

Check out all our tools here: Blockchain Security Tools | ConsenSys Diligence

A few months ago, we released Scribble, an all-new specification language for smart contracts. Using Scribble, you can extend your smart contract with specifications that we can automatically check using fuzzing and symbolic execution techniques.

Now it’s time for the next step in our Diligence master plan: “Diligence Fuzzing”.

Diligence Fuzzing is a product that automatically checks the correctness of your code by executing millions of simulated transactions.

We’ve been developing and perfecting our fuzzer for years, and it is one of the primary techniques used in our MythX security analysis - instrumental for finding more bugs during audits!

However, until now, we’ve not provided direct access to our Harvey fuzzing engine. This is about to change with Diligence Fuzzing!

Sign up now for early access!

Fuzzing will completely renovate the SDLC.

There are two big areas where you can expect to see the benefits of fuzzing.

Security - Fuzzing will bring a significant improvement to the security of your smart contracts. The fuzzer minimises risk and checks that your smart contracts are doing what they should be doing through the execution of millions of intelligently selected inputs.

Productivity - The second area where you’ll see enormous improvements is the productivity boost it provides to development. Code reviews and consecutive bug fixes can consume quite some time. The feedback loops often take too long. Fuzzing fixes this by giving developers instant feedback!

How it works

So what does it look like to have fuzzing in your development workflow?

Check out my earlier article about Scribble and property-based testing here

There are three main steps for Fuzzing:

  1. Write properties using Scribble
  2. Deploy annotated contracts to Ganache
  3. Start Fuzzing!

The first step is using Scribble to write properties. You write rules that describe how your smart contracts should work. The fuzzer will use these Scribble properties to check for inconsistencies (potential vulnerabilities) in the contract and it will report them to you!

Interested in generic vulnerability detection? Check out our other product, MythX. It uses fuzzing, symbolic execution and static analysis to detect tons of different vulnerabilities out of the box.

In the second step, we take the Scribble properties and transform them into Solidity code that a fuzzer can check. Then you deploy the transformed smart contracts on a ganache node.

We copy over this deployment into our fuzzer and use it as a starting point for fuzzing. This way, fuzzing starts on an actual deployment of the components in your system, testing how the system components interact.

💡 You can often use existing test fixtures or deployment scripts for your fuzzing seeds!

The last step is where the fun is! Fuzzing!

Using the fuzzing CLI, you’ll send over the seed deployment and the source contracts in your project. Then, we start our bleeding-edge fuzzer Harvey and wait for results to come in 🚀.

How Diligence Fuzzing is going to change the world!

These are 4 of Fuzzing’s most awesome features:

♻️ Re-use of test fixtures and deployment scripts

You don’t need to completely re-write your smart contracts! 90% of seed deployment scripts are copy-pasted from fixtures and existing deployment scripts. The other 10% only takes about 5 minutes to add ⏱️.

🔄 Incremental fuzzing

Fuzzing is awesome; incremental fuzzing even more! Instead of starting each fuzzing campaign from scratch, you re-use previous fuzzing runs to supercharge consecutive fuzzing campaigns.

📈 Coverage

Fuzzing is fantastic, but it can be tough to see what it is doing under the hood. Usually, you don’t know if the Fuzzer can cover every part of a codebase. If there is coverage at all, then it’s usually just a single chart showing the overall cumulative coverage.

Diligence Fuzzing doesn’t just give detailed overall coverage metrics, including instruction coverage, path coverage, and branch coverage. We also show you exactly which lines the fuzzer reached!

Using this information, you can tweak seed deployment and properties to ensure each part of their smart contracts is covered.

🩸Bleeding edge grey box fuzzing

We’ve been working on Harvey for several years now as part of the MythX analysis platform. The work we put into Harvey has also been part of our academic papers, published at top conferences.

Harvey: A Greybox Fuzzer for Smart Contracts (ESEC/FSE 2020)

Targeted Greybox Fuzzing with Static Lookahead Analysis (ICSE 2020)

Sign Up Now!

ConsenSys Diligence is granting early access to Diligence Fuzzing, and we’re working around the clock to get it into your hands! Until it is publicly available, you can sign up for the early access waiting list here:

Register now for early access! for early access!

All posts chevronRight icon